Hi ,
I will just again brief you about my understanding of the issue , Please correct me if I am wrong:
Issue : The port forwarding configured on the interface e0/0 for the host (192.168.192.3) and port forwarding for TCP works fine but does UDP is not working.
I am not able to see any UDP traffic on the SSG FW initiated for the interface IP of the e0/0 (192.168.192.3) and ports configured in the service "MN XX". You need to mention the IP address (192.168.192.3) in destination-ip field. The session limit output is shown for Hot zone which is incoming to bg0 interface and is of no use.
Can you please apply the specific filter with the source-ip , destination-ip eg:
# Login the device via root user and execute the below commands and initiate the UDP traffic to interface IP of e0/0 and destination port for VIP service:
++snoop filter del
++unset ff( run this till you see 'invalid id' output)
++set ff src-ip <Client> dst-ip 192.168.2.37
++set ff src-ip 192.168.2.37 dst-ip <Client>
++snoop filter ip src-ip <Client> dst-ip 192.168.2.37
++snoop filter ip src-ip 192.168.2.37 dst-ip <Client>
++set ff src-ip <Client> dst-ip 192.168.192.3
++set ff src-ip 192.168.192.3 dst-ip <Client>
++snoop filter ip src-ip <Client> dst-ip 192.168.192.3
++snoop filter ip src-ip 192.168.192.3 dst-ip <Client>
++clear db
++Snoop detail(make sure you are logged in as the root admin)
++snoop detail len 1514
Please start the wireshark capture on both client and servers at this point
++debug flow basic
++snoop (enter and press Y)
press 'esc' key on keyboard to stop both snoop and debug
++get db s (will provide you the output)
once the output is taken, run following commands to clear filters.
++snoop filter del
+ Kindly also provide me with network topology and traffic flow for better understanding.
Regards,
Rishi
JTAC